Compliance

B2B Customer Gate Data Protection Overview

This page summarizes how the app processes protected customer data, how merchants can manage data lifecycle controls, and which security and operational practices support Shopify's protected customer data review.

Privacy and Data Processing

B2B Customer Gate processes merchant and customer account data strictly to power B2B registration, customer approval workflows, storefront access control, merchant notifications, and compliance responses required by Shopify.

  • Primary data categories: customer name, email, phone, address details, company name, approval status, tags, registration field values, and merchant-configured email settings.
  • Processing purposes: wholesale registration review, customer approval decisions, access gating, audit history, and transactional notifications.
  • The app does not use protected customer data for advertising, retargeting, or resale.

Retention

Personal data is retained only while needed to operate the installed app, satisfy merchant support requests, or respond to Shopify compliance obligations.

  • Merchants can delete app data by uninstalling with data purge enabled or by resetting shop data from the app settings.
  • Shopify GDPR webhooks are supported for customer data requests, customer redaction, and shop redaction.
  • When a deletion request is received, the affected records are anonymized, so the app can preserve compliance-safe audit references without retaining identifiable customer data.

Security Controls

Sensitive operational secrets are encrypted at rest inside the application data layer, and protected customer data access is logged in the admin review workflow.

  • Stored Shopify access tokens, refresh tokens, and merchant SMTP passwords are encrypted before database storage.
  • Protected customer data access from the admin customer review workflow is recorded in the audit log with actor, timestamp, IP context, and accessed resource metadata.
  • Transport security depends on deployment over HTTPS and secure database/network configuration managed by the operator.

Incident Response

The application operator maintains an incident response workflow for triage, containment, recovery, merchant communication, and corrective actions.

  • Security events should be assessed immediately, access should be limited, affected credentials rotated, and impacted merchants notified when required.
  • Audit logs and platform logs should be reviewed to determine scope and exposure.
  • Follow-up actions should include remediation, validation, and documentation of lessons learned.

Subprocessors and Vendor DPA Process

Infrastructure and delivery vendors vary by deployment. The app operator is responsible for maintaining a subprocessor inventory and executing data processing terms with any vendor that stores or transmits protected customer data.

  • Typical subprocessors include hosting, managed database providers, log/monitoring services, and email delivery providers such as Resend or merchant-provided SMTP services.
  • A vendor must not receive protected customer data in production until data protection terms are in place and the vendor passes a security review.
  • Merchants can request the current subprocessor list and operational contact details from the app operator.